It looks like TLS with a trust store would be the way to go. Better
than to roll your own.

Marc-André LAVERDIÈRE
"Perseverance must finish its work so that you may be mature and
complete, not lacking anything." -James 1:4
mlaverd.theunixplace.com/blog
/"\
\ / ASCII Ribbon Campaign
X against HTML e-mail
/ \
2010/7/22 Prakash Rao <prakashrao1...@gmail.com>:
> Thanks for the response...
>
> I was just going through various protocol buffer discussion forum
> topics and found the below one which talks about putting a signature
> in proto object and do a validation before processing the payload. I
> believe this is what you guys are referring to when you say "add HMAC
> to your proto messages". Yes, this is something simple that can be
> tried out.
>
> http://groups.google.com/group/protobuf/browse_thread/thread/a3a2742bffe3a8e5
>
> We have SSL for our http communication and we allow communication from
> client only if server certificate is imported in the client keystore.
> I'm just curious to find out best possible ways to avoid my proto
> object data tampering (in case of a man-in-the-middle attack)
> especially when server is in public domain (internet).
>
> Regards,
> Prakash
>
> On Jul 22, 9:36 am, Marc-André Laverdière
> <marcandre.laverdi...@gmail.com> wrote:
>> Protobuf allows you to build your conceptual protocol the way you want it.
>> If you want security features on top of it, you can either add it to
>> your messages, or you can use a secure network layer that does the
>> work for you. It's your call.
>> Personally, I'm against reinventing the wheel, so I use protobuf over
>> TLSv1 with a good set of cipher suites configured :)
>>
>> 2010/7/21 Prakash Rao <prakashrao1...@gmail.com>:
>>
>> > Is there a way to add a security layer to protocol buffers if I'm writing
>> > my proto objects to an https output stream? In Java we have sealed
>> > objects and we can have a signature attached to them to make sure objects
>> > are not tampered with on the receiving end. Is there something similar in
>> > protocol buffers as well?
>>
>> > I'm just trying to understand all the different options that protocol
>> > buffers provide as far as security is concerned when compared to web
>> > services to make sure data is not tampered with. Web services come with
>> > good security models (such as XML signature, SAML) to make sure data is
>> > not tampered with.
>>
>> > Regards,
>> > Prakash
>>
>> > --
>> > You received this message because you are subscribed to the Google Groups
>> > "Protocol Buffers" group.
>> > To post to this group, send email to proto...@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > protobuf+unsubscr...@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/protobuf?hl=en.
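
The message-level option mentioned in the thread ("add HMAC to your proto messages", validated before the payload is processed), as an added example that is not code from any poster or from the protobuf project. It assumes a shared key provisioned out of band and treats the payload as already-serialized protobuf bytes; the envelope layout, the sequence-number replay check and all names are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag
HEADER = struct.Struct(">QI")           # assumed layout: 8-byte sequence number, 4-byte payload length

# Constructed sample values, for illustration only.
KEY = b"constructed-demo-key-not-for-use"
PAYLOAD = b"\x08\x96\x01"               # serialized message bytes (field 1 = 150)


class TamperedMessage(Exception):
    """Raised when an envelope is malformed, fails authentication, or is replayed."""


def seal(key, seq, payload):
    """Return header || payload || HMAC-SHA256(key, header || payload)."""
    body = HEADER.pack(seq, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_envelope(key, envelope, last_seq):
    """Authenticate the envelope, then return (seq, payload) for the caller to parse."""
    if len(envelope) < HEADER.size + TAG_LEN:
        raise TamperedMessage("envelope too short")
    body, tag = envelope[:-TAG_LEN], envelope[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise TamperedMessage("bad MAC")
    # Header fields are only trusted after the MAC check has passed.
    seq, length = HEADER.unpack_from(body)
    if length != len(body) - HEADER.size:
        raise TamperedMessage("length mismatch")
    if seq <= last_seq:
        raise TamperedMessage("replayed or out-of-order message")
    return seq, body[HEADER.size:]


if __name__ == "__main__":
    env = seal(KEY, 1, PAYLOAD)
    print(open_envelope(KEY, env, last_seq=0))
```

The receiver hands the returned bytes to its protobuf parser only after open_envelope succeeds, and stores the returned sequence number as the next last_seq.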